Root user consume huge amount of CPU

Question

I can't understand why root user take huge CPU load, since there is no special processes running.

`top -c`

"top -c" command results

That could be an exploitative mining process (like for Bitcoin or other cryptocurrencies). Most processes do not hide their name. You could check (netstat, tcpdump) if the application does any network traffic. — Dabu, Aug 20 '18 at 14:43

score 6 · Answer 1 · answered Aug 20 '18 at 15:40

If your company has a breach response process, I would invoke that now.

Otherwise:

This looks potentially malicious, I would recommend looking at it closer in /proc.

With a root privilege shell, either via su or sudo -s, change into the directory /proc/{pid}. Changing {pid} for the pid shown by top, 30530 in this case.

There are many things to look at to get a clue about this process, here are a few:

exe : link to executable that started this process. # readlink -f exe
cmdline : command line that started this process. # cat cmdline | tr \\0 \\n
environ : environment variables in this process. # cat environ | tr \\0 \\n
fd : directory of links to open files and sockets.

Unless you can find a reason it's legitimate, I'd kill it via kill -9 {pid} and investigate as a potential breach.

It might even be worth an `strace` or a `pstack` on the process to see what it's up to. — Andrew Henle, Aug 20 '18 at 15:49

Root user consume huge amount of CPU

top -c

1 Answers1

`top -c`